Find notable cyber news and cases, enriched with sources, timelines, and signals.

BPFDoor Linux backdoor with HTTPS-hidden trigger packets

Malware Activity
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

A newly disclosed BPFDoor variant is hiding trigger packets inside HTTPS traffic and using ICMP between infected hosts, making the Linux backdoor harder to detect in telecom environments. The implant is built for persistent access and low-noise control rather than loud exploitation. Its covert design increases the risk of long-term operator presence and lateral movement on compromised systems.

Related Happenings

TrojPix air-gap covert channel turns video cables into a high-speed exfiltration path

Technical Analysis
H score20 First: 06.07.2026 11:50 Last: 06.07.2026 11:50 Sources 1

About this happening: **TrojPix** introduces a new **air-gap exfiltration** technique that uses **imperceptible pixel modulation** and **video cable emissions** to move data out of isolated systems, ra...

SilentGlass launch as a monitor-connection protection security device

Security Tool/Service
H score46 First: 22.04.2026 18:00 Last: 22.04.2026 18:00 Sources 1

About this happening: The **UK National Cyber Security Centre** has released **SilentGlass**, a plug-and-play device that blocks unexpected or malicious signals between **HDMI** or **display port** con...

TBK DVR command injection flaw actively exploited (CVE-2024-3721)

Vulnerability
H score1 First: 20.04.2026 16:01 Last: 20.04.2026 16:01 Sources 1

About this happening: The **CVE-2024-3721** command injection flaw in **TBK DVR systems** is being actively exploited to gain access and install **Nexcorium** malware. Attackers abuse **crafted request...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
H score27 First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

Payouts King ransomware QEMU reverse SSH backdoor activity

Malware Activity
H score32 First: 17.04.2026 22:10 Last: 17.04.2026 22:10 Sources 1

About this happening: **Payouts King ransomware** is using **QEMU** hidden virtual machines and a **reverse SSH backdoor** to keep covert access on compromised hosts and evade endpoint security. The ma...

Timeline

  1. 26.03.2026 19:40 2 articles · 3mo ago

    BPFDoor variant hides activation in HTTPS traffic

    Technical Analysis Update

    A newly documented BPFDoor variant extends a Linux backdoor by installing a kernel-level BPF filter, concealing the activation marker inside seemingly legitimate HTTPS traffic with a fixed-byte-offset check for the string "9999", and adding ICMP-based host-to-host communication for stealthy control and lateral movement in enterprise and telecom environments.

    Show sources